Time-Based Authentication

1. Authentication equipment, the equipment comprising portable electronic equipment and time-based authentication apparatus, the portable electronic equipment comprising: i) an input and an output; ii) a data storage for receiving and storing a seed record deployed by a seed record deployment apparatus; iii) a time-based code generator for generating time-based codes from a received seed record, each code being valid with respect to a respective time slot; and iv) an output assembler configured to output a composite code comprising two or more different ones of said time-based codes, each one of the two or more different time-based codes being valid with respect to a different respective time slot; and the time-based authentication apparatus comprising: a) a profile store updater for creating and updating a stored set of data profiles, each data profile including the seed record from which time-based security codes can be generated using a current time at the authentication apparatus, and user identification data; b) the seed record deployment apparatus for deploying a seed record for access via the portable electronic equipment and to one of the data profiles; and c) a code authenticator for receiving and authenticating time-based codes on the basis of a deployed seed record, wherein the code authenticator is adapted to receive two or more different time-based codes in respect of the same authentication instance, each received time-based code being valid with respect to a different respective time slot; and wherein the code authenticator is configured to generate a set of time-based codes based on the current time at the code authenticator and to match said two or more different received time-based codes to said set of generated time-based codes.

2. Equipment according to claim 1 wherein the output assembler is configured to output the composite code as a graphic screen display.

3. Equipment according to claim 2 wherein the graphic screen display comprises a QR code.

4. Equipment according to claim 1 wherein the portable electronic equipment is configured to provide an inter-machine local communication channel and the output assembler is configured to output the composite code as content for that communication channel.

5. Equipment according to claim 4 wherein the inter-machine communication channel comprises at least one selected from the following: a near field communications channel; a wireless communication channel; a WiFi channel; a universal serial bus socket; and an audio channel for delivering a set of encoded sound tones.

6. Equipment according to claim 1 wherein each time-based code of a composite code comprises at least six digits.

7. Equipment according to claim 1 , adapted for connection to a mobile communications network.

8. Apparatus according to claim 1 wherein the set of generated time-based codes is valid with respect to consecutive time slots together covering a period of time.

9. Apparatus according to claim 8 wherein the period of time is at least +/−five hours with respect to the current time for the code authenticator.

10. Apparatus according to claim 1 wherein said two or more different time-based codes are valid with respect to consecutive time slots.

11. Apparatus according to claim 1 wherein the code authenticator is configured to authenticate in two different modes, in a first mode to authenticate on the basis of a single time-based code and in a second mode to authenticate on the basis of at least two of said different time-based codes.

12. Apparatus according to claim 11 wherein the code authenticator is configured to operate in said first mode on receipt of at least one time-based code and to operate in said second mode on failure of authentication in said first mode.

13. Apparatus according to claim 11 wherein: in the first mode the code authenticator is configured to match the single time-based code to codes in a set which are valid with respect to consecutive time slots together covering a first period of time; and in the second mode the code authenticator is configured to match the at least two time-based codes to codes in a set which are valid with respect to consecutive time slots together covering a second period of time, the second period being longer than the first period.

14. Apparatus according to claim 8 wherein the period of time is at least +/−thirteen hours with respect to a current time for the code authenticator.

15. Equipment according to claim 1 wherein one of the two or more different time-based codes is valid with respect to a current time slot of the portable electronic equipment.

16. A method of authenticating an entity on the basis of a seed record for that entity, the method comprising the steps of: a) receiving at least two different time-based codes at authentication apparatus, each code relating to the same seed record but being associated with a different respective time slot in relation to a current time at the authentication apparatus; b) the authentication apparatus generating a set of time-based codes relating to the seed record and using the current time at the authentication apparatus; c) the authentication apparatus searching the set of generated time-based codes for the received time-based codes, the set being valid with respect to consecutive time slots together potentially covering a period of time for time-based codes matching the received time-based codes; and d) using portable equipment to generate time-based codes from a seed record by: i) generating two or more different codes from the seed record, each code being valid with respect to a different respective time slot, using the current time at the portable equipment; and ii) constructing a composite code comprising said two or more different time-based codes.

17. A method according to claim 16 , further comprising, prior to step c), the following step of: e) after receiving a first of said two different time-based codes, the authentication apparatus searching the generated set of time-based codes valid with respect to consecutive time slots together covering a period of time for a time-based code matching said first time-based code, and failing to find said matching time-based code.

18. A method according to claim 17 wherein the period of time of step c) is greater than the period of time of step e).

19. A method according to claim 18 wherein the period of step c) is +/−thirteen hours with respect to the current time at the authentication apparatus.

20. A method according to claim 16 , further comprising the step of outputting the composite code in the form of a QR code or other content for transmission from the portable equipment by an inter-machine local communication channel.

21. A method according to claim 16 wherein the two or more different codes generated using the portable equipment are valid in relation to non-consecutive time slots.